6 matches found
CVE-2025-66624
BACnet Protocol Stack library provides a BACnet application layer, network layer and media access MAC layer communications services. Prior to 1.5.0.rc2, The npduisexpectedreply function in src/bacnet/npdu.c indexes requestpduoffset+2/3/5 and replypduoffset+1/2/4 without verifying that those APDU...
CVE-2025-66624
CVE-2025-66624 affects the BACnet Protocol Stack prior to 1.5.0.rc2. The npdu_is_expected_reply function indexes APDU bytes (request_pdu[offset+2/3/5] and reply_pdu[offset+1/2/4]) without validating existence, allowing out-of-bounds reads in tiny PDUs. This can cause an immediate crash (DoS) on A...
CVE-2025-66624 BACnet-stack MS/TP reply matcher OOB read
BACnet Protocol Stack library provides a BACnet application layer, network layer and media access MAC layer communications services. Prior to 1.5.0.rc2, The npduisexpectedreply function in src/bacnet/npdu.c indexes requestpduoffset+2/3/5 and replypduoffset+1/2/4 without verifying that those APDU...
CVE-2025-66624 BACnet-stack MS/TP reply matcher OOB read
BACnet Protocol Stack library provides a BACnet application layer, network layer and media access MAC layer communications services. Prior to 1.5.0.rc2, The npduisexpectedreply function in src/bacnet/npdu.c indexes requestpduoffset+2/3/5 and replypduoffset+1/2/4 without verifying that those APDU...
CVE-2018-10238
bvlc.c in skarg BACnet Protocol Stack bacserv 0.9.1 and 0.8.5 is affected by a Buffer Overflow because of a lack of packet-size validation. The affected component is bacserv BACnet/IP BVLC forwarded NPDU. The function bvlcbdtforwardnpdu calls bvlcencodeforwardednpdu which copies the content from...
CVE-2018-10238
CVE-2018-10238 affects skarg BACnet Protocol Stack bacserv (versions 0.9.1 and 0.8.5). The root cause is a Buffer Overflow in BVLC forwarded NPDU handling (bvlc_bdt_forward_npdu calls bvlc_encode_forwarded_npdu and copies request data into a local stack frame, clobbering the canary) due to missin...